Links

Images

Classifications

G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus

G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means

G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication

H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication

H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication

H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

A user authentication method performed by a computer (FS) by means of a
device (6) for storing data derived from a smart card (4) though cryptographic
operations, in said smart card (4) being stored a digital certificate (CDCIE), a
private key (PrKCIE) and the public key (PbKCIE) corresponding to said private key
(PrKCIE); since said storing device (6) is univocally bound to said smart card (4),
it can be used in an apparatus (10) able to communicate with said computer (FS)
of a service provider, in order to authenticate the user of the storing device (6).

Description

The object of the present invention is an authentication method by means
of a storage device.

Electronic devices for storing information, like for instance magnetic and
optical disks, microprocessors and so on, are in use since a lot of time.

Among said devices are also included cards for storing information. Said
cards are used for different purposes: phone cards, credit cards or bank cards in
general, cards for surveying the presence at the place of work and so on.

Said cards have been flanked by the so called smart cards that, besides
storing information, also contain a unit (chip) able to process information.

In the case of the smart cards, new applications allowing a more active
role of the cards are coming forward in order to exploit fully the capability of
their processing devices.

On the card is stored information relative to the authorisations provided
for the holder who will be able to obtain or not certain services at the end of an
authentication procedure managed by service administration bodies (server).

The user authentication consists in guaranteeing to the service provider
that the user is effectively that who is declaring to be. The authentication
procedure is an essential element for providing remote services because the
service provider does not have the possibility to verify personally the identity of
whom is asking to obtain a certain service.

The use of the smart cards is diffusing rapidly also for services concerning
the everyday's life, for instance the services provided by the public
administration, and in the next future the use of a card and of a communication
network will be indispensable for obtaining a big part of said services.

The use of the electronic identity card, that will replace in the next future
the traditional paper identity card, is to be considered in this perspective. The
electronic identity card will contain personal information both visibly printed on
the card itself, like for instance the name, the surname, the place and the date of
birth, and stored in digital form. Secret information will be also stored on the
card as well, that is to say information accessible only to the electronic identity
card's holder by means of a personal secret code or PIN (Personal Identification
Number).

Since the electronic identity card must consent to identify its holder in a
safe way, telematically as well, in order to allow the provision of diversified and
always newer services as said services are conceived and made ready by the
administrations, the card will be generally provided with a microprocessor
allowing said functionalities, thereby guaranteeing, at a logical level, the identity
of the card's holder in the telematic transactions during which the parties can not
"see" each other.

Besides, the diffusion of said cards will make necessary to dispose of card
readers at low cost and of simple use.

An electronic identity card reader will be provided for instance at the public
administration bodies appointed for delivering the services.

Other readers will be installed at a certain number of peripheral offices,
but, in any case, it is hardly imaginable that in the next future each user will be
provided by the public administration with an electronic identity card reader that,
in any case, must be connected at least with a computer and with a modem.
Obviously, this fact constitutes a limit to the diffusion of the electronic identity
card.

For making the use of the electronic identity card more advantageous, it
would be desirable that the user could use the card by means of a tool more
diffused than a special-purpose reader.

Besides, it would be desirable that the user could use the card also for
purposes different from those connected with the public administration services,
for instance for obtaining services delivered by service providers, like banks and
shops of every kind, in order to give life to electronic commerce transactions.

In other words, the success of the electronic identity card, for the
realisation of which the governments of various countries are investing
considerable economic funds, will benefit from the fact that the user of the
electronic identity card could use his/her electronic identity card or an equivalent
of it, for instance for carrying out a banking operation without going to a bank or
for buying a good without going to a shop.

Yet it is clear that it is necessary to find a means allowing to the citizen
holding an electronic identity card, that, as far as Italy is concerned, will be
distributed to each citizen by the end of 2004, to carry out operations with the
service providers safely, easily, economically and without going in person to the
service provider.

The present invention identifies the mobile phone, by this time largely
diffused among all the layers of the population, as the means able to consent to
the electronic identity card's holder to use the data therein contained for
requesting certain services to a service provider by means of a normal phone
call.

It is an object of the present invention to realise a user authentication
method by means of a smart card, in particular by means of a smart card of the
type used in the mobile phones.

This and other objects of the invention are obtained with the method as
claimed in the hereby attached claims.

Advantageously, for being able to exploit the invention, the user holding
an electronic identity card only needs a mobile phone, by this time largely
diffused among the population, with its relative smart card.

For satisfying the criteria necessary to a safe information exchange, it is
known to turn to cryptography, that is to the science dealing with the protection
and the mathematical transformation of data into a non-readable format, thereby
offering authentication, integrity, secrecy and nonrepudiation services.

The invention uses known cryptographic techniques, like the asymmetric
cryptography with a public or a private key and the "hashing" algorithms, that is
to say algorithms for obtaining a fixed-length string starting from a
variable-length string.

Advantageously, the invention exploits information already present on the
electronic identity card, in particular the public key, the private key and the
digital certificate, that can be used for processing data cryptographically and for
making safe the information exchange between the user and the service
provider.

In addition, the digital certificate contains information about its owner,
about the certification authority that issued the certificate and, in case, the list of
the authorities disposing of the certificate revocation lists issued by the
certification authority.

It is important to point out that the level of authentication obtainable by
means of the method according to the invention is the same as the level
guaranteed by the electronic identity card.

Besides, the present invention advantageously provides for the
interruption in the service provision if anomalies during the card authentication
procedure are discovered, for instance in case the cards result to be stolen,
tampered with or expired, or in case someone tries to impersonate another
individual.

Moreover, as far as the phone communication is concerned, the fact of
being able to rely upon reliable and tested technologies like for instance the GSM
technology is a further advantage for the user. In any case, the invention leaves
out of consideration the communication protocol used with the service provider
and therefore can be also used with possible improvements of the current
communication standards, or with new communication standards.

The above mentioned and other objects of the invention will appear more
clear from the detailed description of seven embodiments of the method
according to the invention with particular reference to the hereby attached
drawings, wherein:

Figure 1 shows a device according to the invention for transferring
data from an electronic identity card to a smart card of the type used in a
mobile phone;

Figures 2a,2b and 2c are respectively three schematic
representations of communication systems applying the method according to
the invention;

Figures 3 and 4 are a flow chart of a first embodiment of the
authentication method according to the invention;

Figures 5 and 6 are a flow chart of a second embodiment of the
authentication method according to the invention;

Figures 7 and 8 are a flow chart of a third embodiment of the
authentication method according to the invention;

Figures 9 and 10 are a flow chart of a fourth embodiment of the
authentication method according to the invention;

Figures 11 and 12 are a flow chart of a fifth embodiment of the
authentication method according to the invention;

Figures 13 and 14 are a flow chart of a sixth embodiment of the
authentication method according to the invention;

Figures 15 and 16 are a flow chart of a seventh embodiment of the
authentication method according to the invention.

With reference to the Figure 1, it is shown a device 1 provided with two
slots 2,3 respectively for inserting an electronic identity card 4 equipped with a
microprocessor 5 and with a smart card 6 or SIM (Subscriber Identity Module) of
the type used in the mobile phones, said SIM being provided with a memory area
8, wherein it is possible to store data, and being equipped with a microprocessor
7.

The data used by the method according to the invention are stored on the
electronic identity card 4. In particular, it is about a digital certificate CDCIE, a
public key PbKCIE and a private key PrKCIE.

The digital certificate CDCIE, currently arranged in format X.509, or
public-key PbKCIE digital certificate is a declaration issued by a certification
authority CA which guarantees, thanks to the digital signature, the association
between the public key PbKCIE and the identity of the object (user, peripheral or
service) owning the corresponding private key PrKCIE.

The public key PbKCIE and the private key PrKCIE are mathematically
correlated so that only the owner of the private key PrKCIE is able to decode a
digital information coded with the public key PbKCIE.

It is important to point out that the private key PrKCIE is invisible from
outside but can be used for cryptographic operations.

In addition, the device 1 provides for some ports, not represented in the
figure, for the possible connection to a computer, to a network, to Internet, or to
a different electronic device.

Moreover, the device 1 will be able to perform, by means of a data
processing unit and of an appropriate software, data reading operations from the
electronic identity card 4, data reading and writing on the SIM 6, and data
processing, therein comprising data cryptographic operations.

Example 1

It is now described a first example of the method for authenticating the
user of an electronic identity card 4 by means of a SIM 6 of the type suitable to
be used in a mobile phone.

During the preparation stage of said SIM 6, the electronic identity card 4
and the SIM 6 are respectively inserted into the respective slots 2,3 of the device
1.

With reference to the Figure 3, at step 101 the device 1 requests and
obtains from the SIM 6 a unique string IDSIM, which is generally the serial
number of the SIM, univocally assigned by the SIM manufacturer itself.
Agreements reached between the different SIM manufacturers prevent that two
SIMs having the same IDSIM may exist. In this same step the device 1 requests
and obtains the digital certificate CDCIE from the electronic identity card 4.

At step 105 the device 1 or the electronic identity card 4 performs a
cryptographic operation by means of a "hashing" algorithm on the string CDCIESIM
obtained at step 103, thereby obtaining a string HCDCIESIM = H(CDCIESIM).

At step 109 the string HCD'CIESIM and the digital certificate CDCIE containing
the public key PbKCIE of the electronic identity card 4 are stored in the SIM 6. In
this way the electronic identity card 4 is univocally bound to the SIM 6 of the
mobile phone 10.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into a mobile phone 10 for being used in the authentication procedure with a
service provider, for instance a bank, the public administration or a shop.

With reference to the Figures 2a and 4, it will be now described the
authentication procedure according to this first embodiment of the invention.

By making a phone call to a service provider, the mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the stage of use of said SIM 6, at step 151 the computer FS of the
service provider requests and obtains from the SIM 6, by means of the mobile
phone 10, the string HCD'CIESIM, the digital certificate CDCIE, and the unique string
IDSIM of the SIM 6.

At step 153 the computer FS of the service provider concatenates the
digital certificate CDCIE with the string IDSIM, thereby obtaining the string
CD*CIESIM = CDCIE # IDSIM.

At step 155 the computer FS performs a cryptographic operation by means
of a "hashing" algorithm on the string CD*CIESIM obtained at step 153, thereby
obtaining a string HCD*CIESIM = H(CD*CIESIM).

At step 157 the computer FS of the service provider performs a
cryptographic operation of the string HCD'CIESIM with the public key PbKCIE,
present on the digital certificate CDCIE, thereby obtaining the string
HCDCIESIM = HCD'CIESIM ⊗ PbKCIE.

In case the string HCDCIESIM does not match with the string HCD*CIESIM, the
computer FS of the service provider will stop the user authentication procedure
(step 160).

At step 161, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4. Since the computer CRL guarantees the validity of the certificate,
it verifies if the latter is valid (in case, the computer CRL may also coincide with
the computer of the certification authority CA).

Only in case of positive outcome (step 163), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 162) the service provider will
stop the user authentication procedure.

Example 2

It will be now described a second embodiment of the invention wherein the
unique string IDSIM of the SIM 6 is not used.

During the preparation stage of said SIM 6, the electronic identity card 4
and the SIM 6 are respectively inserted into the respective slots 2,3 of the device
1.

With reference to the Figure 5, at step 201 the device 1 or, as an
alternative, the electronic identity card 4 itself, generate a public key PbKSIM and
a corresponding private key PrKSIM.

At step 203 the device 1, or the electronic identity card 4, performs a
cryptographic operation by means of a "hashing" algorithm of the digital
certificate CDCIE read by the electronic identity card 4, thereby obtaining the
string HCDCIE = H(CDCIE).

Finally, the private key PrKSIM, the public key PbKSIM, the digital certificate
CDCIE of the electronic identity card 4 and the string HCD"CIE are stored in the SIM
6 (step 209). In this way, the electronic identity card 4 is univocally bound to the
SIM 6 of a mobile phone 10.

Naturally, the private key PrKSIM will be stored in the SIM 6, according to
known techniques, thereby guaranteeing the inaccessibility from outside, apart
from the microprocessor of the mobile phone 10.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into a mobile phone 10 for being used in the authentication procedure with a
service provider, for instance a bank, the public administration or a shop.

With reference to the Figures 2b e 6, it will be now described the
authentication procedure, according to said second embodiment of the invention.

By making a phone call to a service provider, the mobile phone 10
equipped with a microprocessor or chip 12 and containing the SIM 6 is put into
communication with a computer FS of a service provider.

During the stage of use of said SIM 6, at step 251 the computer FS of the
service provider requests and obtains from the SIM 6 of the mobile phone 10 the
public key PbKSIM, the string HCD"CIE and the digital certificate CDCIE.

At step 253 the computer FS generates a random number CH, creates
from said number CH, by means of an asymmetric cryptographic operation with
the public key PbKSIM, a string CH' = CH ⊗ PbKSIM, and sends said string CH' to
the SIM 6 of the mobile phone 10.

At step 255 either the SIM 6 or the mobile phone 10 deciphers the string
CH' with the private key PrKSIM, thereby obtaining the number
CH* = CH' ⊗ PrKSIM.

At step 257 the SIM 6, or the mobile phone 10, by means of an "hashing"
algorithm on the random number CH*, generates a string S. Said string S is
concatenated with itself more times until its length LS is equal to the length
LHCD"CIE of the string HCD"CIE (S = #H(CH*) until LS = LHCD"CIE).

At step 259, either the SIM 6 or the mobile phone 10 generate a string
HCD"CIE_XOR obtained by performing the logic operation XOR between the string
HCD"CIE and the string S. The string HCD"CIE_XOR = HCD"CIE ⊕ S is successively sent
to the computer FS.

At step 261, the computer FS, by means of a "hashing" algorithm on the
random number CH, generates a string T. Said string T is concatenated with
itself more times until its length LT is equal to the length LHCD"CIE_XOR of the string
HCD"CIE_XOR (T = #H(CH) until LT = LHCD"CIE_XOR).

At step 263, the computer FS obtains the string HCD"CIE = HCD"CIE_XOR ⊕ T
by performing the logic operation XOR between the string HCD"CIE_XOR and the
string T.

At step 265, the computer FS deciphers the string HCD"CIE with the public
key PbKCIE, present on the digital certificate CDCIE, thereby obtaining the string
HCD'CIE = HCD"CIE ⊗ PbKCIE.

At step 269, the computer FS by means of a "hashing" algorithm on the
digital certificate CDCIE, obtains the string HCDCIE = H(CDCIE).

At step 271, the computer FS compares the string HCD*CIE with the string
HCDCIE (HCD*CIE = HCDCIE ?). In case the string HCD*CIE does not match with the
string HCDCIE, the service provider will stop the user authentication procedure
(step 272).

At step 273, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4 (in case, the computer CRL can also coincide with the computer of
the certification authority CA). Since the computer CRL guarantees the validity of
the certificate, it verifies if the latter is valid.

Only in case of positive outcome (step 275), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 274) the service provider will
stop the user authentication procedure.

Example 3

A further embodiment of the method according to the invention provides
for the use of a chip 12 present in a mobile phone 10 for performing the biggest
part of the cryptographic operations required by the method according to the
invention.

With reference to the Figure 7, during the stage of preparation of said SIM
6, at step 301 the chip 12 provided in the mobile phone 10 generates a pair of
private and public keys PrKSIM e PbKSIM that is stored in a memory area 14 of said
chip 12.

At the successive step 303 the public key PbKSIM is written on the SIM 6
that is inserted into the mobile phone 10.

The SIM card 6 is then taken out from the mobile phone 10 and inserted
into the device 1 wherein also the electronic identity card 4 will be inserted.

At step 305 the device 1 requests and obtains from the SIM 6 a unique
string IDSIM, that generally is the serial number of the SIM 6. In this same step
the device 1 requests and obtains the digital certificate CDCIE from the electronic
identity card 4.

At step 321 the chip 12 writes in its memory 14 the string HCD"CIESIM and
the digital certificate CDCIE associating them to the public key PbKSIM generated at
step 301.

At step 323 the chip 12 provides for deleting from the SIM 6 the string
HPCD"CIESIM and the digital certificate CDCIE.

The SIM card 6 and the mobile phone 10 can be used in the authentication
procedure with a service provider, for instance a bank, the public administration
or a shop.

With reference to the Figures 2a e 8, it will now be described the
authentication procedure according to this third embodiment of the invention.

By making a phone call to a service provider, the mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the stage of use of said SIM 6, at step 351 the chip 12 of the
mobile phone 10 reads the string IDSIM from the SIM 6.

At step 353 the computer FS of the service provider requests and obtains
the string HCD"CIESIM, the digital certificate CDCIE, the public key PbKSIM and the
string IDSIM from the chip 12 of the mobile phone 10.

At stage 355 the computer FS of the service provider concatenates the
digital certificate CDCIE with the string IDSIM, thereby obtaining the string
CD'CIESIM = CDCIE # IDSIM.

At step 357 the computer FS performs a cryptographic operation by means
of an "hashing" algorithm on the string CD*CIESIM, thereby obtaining the string
HCD*CIESIM = H(CD*CIESIM).

At step 359 the computer FS of the service provider performs an
asymmetric cryptographic operation of the string HCD"CIESIM with the public
PbKSIM, thereby obtaining the string HCD'CIESIM = HCD"CIESIM ⊗ PbKSIM.

At step 361 the computer FS of the service provider performs an
asymmetric cryptographic operation of the string HCD'CIESIM with the public key
PbKCIE, present on the certificate CDCIE, thereby obtaining the string
HCDCIESIM = HCD'CIESIM ⊗ PbKCIE.

In case the string HCDCIESIM does not match with the string HCD*CIESIM, the
computer FS of the service provider will stop the user authentication procedure
(step 364).

At step 365, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4 (in case, the computer CRL can also coincide with the computer of
the certification authority CA). Since the computer CRL guarantees the validity of
the certificate, it verifies if the latter is valid.

Only in case of positive outcome (step 367), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 366) the service provider will
stop the user authentication procedure.

Example 4

A fourth embodiment according to the invention provides for a second
computer that can be consulted for instance through Internet and is managed by
a third party different from the user and from the service provider.

With reference to the Figure 2c, a computer TP of a third party is equipped
with a memory 11 and, on the one side, can be connected to the device 1 and,
on the other side, can communicate with a computer FS of a service provider.

During the preparation stage of said SIM 6, the electronic identity card 4
and the SIM 6 are respectively inserted into the respective slots 2,3 of the device
1.

With reference to Figure 9, at step 401 the device 1 requests and obtains
from the SIM 6 a unique string IDSIM, that is generally the serial number of the
SIM 6. In this same step, the device 1 requests and obtains from the electronic
identity card 4 the digital certificate CDCIE.

At step 405 the device 1, or the electronic identity card 4, performs a
cryptographic operation by means of a "hashing" algorithm on the string CDCIESIM,
thereby obtaining the string HCDCIESIM = H(CDCIESIM).

The device 1 transfers the string HCD'CIESIM and the digital certificate CDCIE
to the computer TP (step 409).

At step 411 the computer TP or the electronic identity card 4 or the device
1 generates a public key PbKSIM and a corresponding private key PrKSIM that are
in any case stored in the memory 11 of the computer TP.

At step 415 the computer TP stores the digital certificate CDCIE and the
string HCD"CIESIM, besides associating biunivocally the user phone number NTEL
with said data and with the public key PbKSIM and the private key PrKSIM.

At step 417 the computer TP sends its IP address and the public key
PbKSIM to the device 1 that stores them on the SIM 6. In this way, the electronic
identity card 4 is bound univocally to the SIM 6 of a mobile phone 10 through the
computer TP.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into the mobile phone 10 in order to be used in the authentication procedure with
a service provider, for instance a bank, the public administration or a shop.

With the reference to the Figures 2a and 10 it will be now described the
authentication procedure according to this fourth embodiment of the invention.

By making a phone call to a service provider, a mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the stage of use of said SIM 6, at step 451 the computer FS of the
service provider requests and obtains from the SIM 6 of the mobile phone 10 the
IP address of the computer TP, the public key PbKSIM, the user phone number
NTEL and the unique string IDSIM.

At step 453 the computer FS communicates via Internet with the computer
TP, thanks to the IP address, and sends to it the user phone number NTEL.

At step 455 the computer TP, thanks to the phone number, sends to the
computer FS the digital certificate CDCIE and the string HCD"CIESIM corresponding
to the user phone number NTEL.

At step 457 the computer FS of the service provider concatenates the
string CDCIE with the string IDSIM, thereby obtaining the string
CD*CIESIM = CDCIE # IDSIM.

At step 459 the computer FS performs a cryptographic operation by means
of an "hashing" algorithm on the string CD*CIESIM, thereby obtaining the string
HCD*CIESIM = H(CD*CIESIM).

At step 461 the computer FS of the service provider deciphers the string
HCD"CIESIM with the public key PbKSIM, thereby obtaining the string
HCD'CIESIM = HCD"CIESIM ⊗ PbKSIM.

At step 463 the computer FS of the service provider deciphers the string
HCD'CIESIM with the public key PbKCIE, present on the digital certificate CDCIE,
thereby obtaining the string HCDCIESIM = HCD'CIESIM ⊗ PbKCIE.

In case the string HCDCIESIM does not match with the string HCD*CIESIM, the
computer FS of the service provider will stop the user authentication procedure
(step 466).

At step 467, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4 (in case, the computer CRL can also coincide with the computer of
the certification authority CA). Since the computer CRL guarantees the validity of
the certificate, it verifies if the latter is valid.

Only in case of positive outcome (step 469), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 468) the service provider will
stop the user authentication procedure.

Example 5

A fifth embodiment of the method according to the invention concerns the
possibility for the user to go directly to a service provider with a mobile phone
and an electronic identity card.

During the preparation stage of said SIM 6, the electronic identity card 4
and the SIM 6 are respectively inserted into the respective slots 2,3 of the device
1.

With reference to the Figure 11, at step 501 the device 1, or the electronic
identity card 4, performs a cryptographic operation by means of a "hashing"
algorithm on the digital certificate CDCIE read by the electronic identity card 4,
thereby obtaining a string HCDCIE = H(CDCIE).

At step 505 the device 1 transfers the string HCD'CIE, the digital certificate
CDCIE and the unique string IDSIM, that is generally the serial number of the SIM
6, to the computer FS of the service provider that is equipped with a memory
(13).

At step 507 the computer FS generates, by means of a "hashing"
algorithm on the string IDSIM, a string HIDSIM = H(IDSIM) that is concatenated with
itself (step 509) until the length LS of the string S so generated is not equal to
the length LHCD'CIE of the string HCD'CIE (S = #(HIDSIM) until LS=LHCD'CIE).

At step 511 a logic operation XOR between the string HCD'CIE and the
string S is performed, thereby obtaining a string HCD'CIE_XOR = HCD'CIE ⊕ S.

At step 513 the user phone number NTEL, the string HCD'CIE_XOR and the
digital certificate CDCIE are stored on the computer FS.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into a mobile phone 10 for being used in the authentication procedure with the
service provider where the operations described at the steps 501-513 have been
performed.

With reference to the Figures 2a and 12, it will be now described the
authentication procedure according to said fifth embodiment of the invention.

By making a phone call to a service provider, the mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the use stage of said second smart card 6, at step 551 the
computer FS requests and obtains from the SIM 6 the phone number NTEL and
the unique string IDSIM.

At step 553 the computer FS performs a cryptographic operation by means
of a "hashing" algorithm of the string IDSIM, thereby obtaining the string
HIDSIM = H(IDSIM).

At step 555 the computer FS generates a string T that is concatenated
with itself more times until it has a length LT equal to the length LHCD'CIE_XOR of the
string HCD'CIE_XOR associated to the corresponding phone number NTEL
(T = #(HIDSIM) until LT = LHCD'CIE_XOR).

At step 557 a logic operation XOR is performed between the string
HCD'CIE_XOR and the string T obtained at step 555, thereby obtaining the string
HCD'CIE = HCD'CIE_XOR ⊕ T.

At step 559 an asymmetric cryptographic operation of the string HCD'CIE
with the public key PbKCIE is performed, thereby obtaining the string
HCDCIE = HCD'CIE ⊗ PbKCIE.

At step 561 the computer FS obtains by means of a "hashing" algorithm on
the digital certificate CDCIE the string HCD*CIE = H(CDCIE).

In case the string HCDCIE does not match with the string HCD*CIE, the
computer FS of the service provider will stop the user authentication procedure
(step 564).

At step 565, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4 (in case, the computer CRL can also coincide with the computer of
the certification authority CA). Since the computer CRL guarantees the validity of
the certificate, it verifies if the latter is valid.

Only in case of positive outcome (step 567), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 566) the service provider will
stop the user authentication procedure.

Example 6

It will be now described a sixth method for authenticating the user of an
electronic identity card 4 by means of a SIM 6 of the type suitable to be used in
a mobile phone in which an "hashing" algorithm is not used.

In fact, as it is known, the advantage of storing strings, to which an
"hashing" algorithm has been applied, consists in the fact that the length of said
strings, typically of 16 or 20 bytes, is at least of two orders of magnitude lower
than the length of a digital certificate that is typically of 4 kilobytes.

This fact is extremely important especially for the authentication methods
in which the strings are stored in the SIM 6 and in the chip 12, that do not
dispose of a so high memory capacity as the memories of the computers FS or
TP.

With reference to this sixth example, during the preparation stage of said
SIM 6, the electronic identity card 4 and the SIM 6 are respectively inserted into
the slots 2,3 of the device 1.

With reference to the Figure 13, at step 601 the device 1 requests and
obtains from the SIM 6 a unique string IDSIM, that is generally the serial number
of the SIM. In this same step, the device 1 requests and obtains from the
electronic identity card 4 the digital certificate CDCIE.

At step 607 the string CD'CIESIM and the digital certificate CDCIE containing
the public key PbKCIE of the electronic identity card 4 are stored on the SIM 6. In
this way, the electronic identity card 4 is bound univocally to the SIM 6 of a
mobile phone 10.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into the mobile phone 10 for being used in the authentication procedure with a
service provider, for instance a bank, the public administration or a shop.

With reference to the Figures 2a and 14 it will be now described the
authentication procedure according to this sixth embodiment of the invention.

By making a phone call to a service provider, a mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the use stage of said second smart card 6, at step 651 the
computer FS of the service provider requests and obtains from the SIM 6, via the
mobile phone 10, the string CD'CIESIM, the digital certificate CDCIE, and the unique
string IDSIM of the SIM 6.

At step 653 the computer FS of the service provider concatenates the
digital certificate CDCIE with the string IDSIM, thereby obtaining the string
CD*CIESIM = CDCIE # IDSIM.

At step 655 the computer FS of the service provider will perform an
asymmetric cryptographic operation of the string CD'CIESIM with the public key
PbKCIE, present on the digital certificate CDCIE, thereby obtaining the string
CDCIESIM = CD'CIESIM ⊗ PbKCIE.

In case the string CDCIESIM does not match with the string CD*CIESIM, the
computer FS of the service provider will stop the user authentication procedure
(step 658).

At step 659, the computer FS interrogates a remote computer CRL
disposing of the list of certificates revoked by the certification authority CA, said
authority being identified through the digital certificate CDCIE of the electronic
identity card 4 (in case, the computer CRL can also coincide with the computer of
the certification authority CA). Since the computer CRL guarantees the validity of
the certificate, it verifies if the latter is valid.

Only in case of positive outcome (step 661), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10. Otherwise (step 660) the service provider will
stop the user authentication procedure.

Example 7

It will be now described a seventh embodiment of the invention wherein
the unique string IDSIM of the SIM 6 is used.

During the preparation stage of said SIM 6, the electronic identity card 4
and the SIM 6 are respectively inserted into the respective slots 2,3 of the device
1.

With reference to the Figure 15, at step 701 the SIM 6 or, as an
alternative, the device 1 or the electronic identity card 4 or the chip 12 of the
mobile phone 10, generate a public key PbKSIM and a corresponding private key
PrKSIM. The public key PbKSIM and the corresponding private key PrKSIM are in any
case stored on the SIM 6. Obviously, the private key PrKSIM is stored on the SIM
6, according to known techniques, thereby guaranteeing the inaccessibility from
outside.

At step 703 the device 1 requests and obtains from the SIM 6 a unique
string IDSIM that is generally the serial number of the SIM, univocally assigned by
the manufacturer of the SIM itself. In this same step, the device 1 requests and
obtains the digital certificate CDCIE from the electronic identity card 4.

At step 707 the device 1 or the electronic identity card 4 performs a
cryptographic operation by means of a "hashing" algorithm of the string CDCIESIM,
thereby obtaining the string HCDCIESIM=H(CDCIESIM).

Finally, at step 713 the digital certificate CDCIE of the electronic identity
card 4 and the string HCD"CIESIM are stored on the SIM 6 (step 713). In this way,
the electronic identity card 4 is univocally bound to the SIM 6.

Then the SIM card 6 can be taken out from the device 1 and be inserted
into a mobile phone 10 for being used in the authentication procedure with a
service provider, for instance a bank, the public administration or a shop.

With reference to the Figures 2b and 16, it will be now described the
authentication procedure according to this embodiment of the invention.

By making a phone call to a service provider, the mobile phone 10
containing the SIM 6 is put into communication with a computer FS of a service
provider.

During the use stage of said SIM 6, at step 751 the computer FS of the
service provider requests to the SIM 6 either the public key PbKSIM or the digital
certificate CDCIE and the identification number IDSIM of the SIM 6. In reply, it
obtains respectively PbK*SIM, CD*CIE e ID*SIM. It should be noted that it could
happen that PbKSIM, CDCIE and IDSIM do not match respectively with PbK*SIM,
CD*CIE e ID*SIM due to transmission errors or deliberate alterations.

At step 753 the computer FS, in possession of the public key PbKCA of the
certification authority CA identified through the digital certificate CD*CIE of the
electronic identity card 4 and guaranteeing the certificate itself, verifies the
validity of the signature of the certificate body by the CA itself.

In addition, the computer FS verifies that the digital certificate CD*CIE has
not expired. Finally, the computer FS interrogates a remote computer CRL,
disposing of the list of the certificates revoked by the certification authority CA
(in case, the computer CRL can also coincide with the computer of the
certification authority CA).

Since the computer CRL guarantees the validity of the certificate, it will
verify that this latter has not been revoked.

Only in case of positive outcome of the three checks, the computer FS will
proceed with step 755; otherwise (step 754) the service provider will stop the
user authentication procedure.

At step 755 the computer FS considers the certificate CD*CIE as authentic
(and therefore matching with CDCIE) and valid.

At step 757 the computer FS generates a random number CH, creates
from said number CH, by means of an asymmetric cryptographic operation with
the public key PbK*SIM, a string CH' = CH ⊗ PbK*SIM and sends said string CH' to
the SIM 6 of the mobile phone 10 that receives it as CH'*.

At step 761 the SIM 6 expands, by means of an expansion algorithm E,
said number CH*, thereby obtaining a string S of length LS, equal to the length
LHCD"CIESIM of the string HCD"CIESIM (S=E(CH*), so that LS = LHCD"CIESIM).

At step 763 a string HCD"CIESIM_XOR = HCD"CIESIM ⊕ S obtained performing a
logic operation XOR between the string HCD"CIESIM and the string S is generated
by the SIM 6. The string HCD"CIESIM_XOR is successively sent to the computer FS
that receives it as HCD"*CIESIM_XOR.

At step 765 the computer FS expands by means of an expansion algorithm
E the random number CH, thereby obtaining a string T of length LT equal to the
length LHCD"*CIESIM_XOR of the string HCD"*CIESIM_XOR (T=E(CH), so that
LT = LHCD"*CIESIM_XOR).

At step 767 the computer FS obtains the string
HCD"*CIESIM = HCD"*CIESIM_XOR ⊕ T by performing the logic operation XOR between
the string HCD"*CIESIM_XOR and the string T.

At step 775 it obtains the string HCD+CIESIM = H(CD+CIESIM) by means of an
"hashing" algorithm on the string CD+CIESIM.

At step 777 the computer FS compares the string HCD*CIESIM with the
string HCD+CIESIM (HCD*CIESIM = HCD+CIESIM ?). In case the string HCD*CIESIM does
not match with the string HCD+CIESIM, the service provider will stop the user
authentication procedure (step 778).

Only in case of positive outcome (step 779), the user authentication has
turned out well and the service provider will begin offering services to the user,
since the service provider has unequivocally identified the owner of the SIM 6
contained in the mobile phone 10.

Although in all the authentication methods described the digital certificate
of the electronic identity card is used as a starting point, nonetheless it is also
possible to use whatever string, provided that it contains the public key of the
electronic identity card.

Although in all the authentication methods described the electronic identity
card is univocally bound to a smart card to be used in a mobile phone, it is also
possible to bind univocally the electronic identity card to whatever device for
storing data, like for instance a magnetic or optical disk, a microprocessor and so
on.

As a consequence, it appears clear that the described methods are
susceptible of being applied to whatever communication apparatus, also different
from the mobile phone, provided that it is able to read data contained in the
device 6 for storing data and to communicate them to the exterior of the
apparatus itself either via radio waves or through electric connections.

It is clear that what has been described is given as a not limiting example
and that changes and modifications are possible without departing from the field
of protection of the invention.

Claims (36)

User authentication method performed by a computer (FS) by means of a
data storing device comprising the steps of:

arranging a smart card (4) wherein a first private key (PrKCIE) and a digital
certificate (CDCIE) containing the first public key (PbKCIE) corresponding to said
first private key (PrKCIE) are stored;

arranging a device (6) for storing data;

obtaining an identifying string (IDSIM) of said device (6) for storing data;

arranging a first coding method using said first private key (PrKCIE) and a
corresponding first decoding method using said first public key (PbKCIE)
corresponding to said first private key (PrKCIE);

arranging a second coding method using said identifying string (IDSIM);

applying in succession said second coding method and said first coding
method to a first string (CDCIE) containing said first public key (PbKCIE), in
order to obtain a second string (HCD'CIESIM;HCD"CIESIM);

storing said first string (CDCIE), said second string (HCD'CIESIM;HCD"CIESIM) and
said identifying string (IDSIM), in a memory (8;14;11) accessible to said
computer (FS);

putting said device (6) for storing data into communication with said
computer (FS);

applying said second coding method to said first string (CDCIE) in order to
obtain a third string (HCD*CIESIM);

applying said first decoding method to said second string
(HCD'CIESIM;HCD"CIESIM), in order to obtain a fourth string
(HCDCIESIM;HCD+CIESIM);

comparing said third string (HCD*CIESIM) with said fourth string
(HCDCIESIM;HCD+CIESIM) and, in case of identity, informing the computer (FS)
that said device (6) for storing data has been necessarily obtained from said
smart card (4).

Authentication method according to claim 1, wherein:

said second coding method consists in a first operation of concatenation of
said first string (CDCIE) with said identifying string (IDSIM);

said first coding method consists in a second asymmetric cryptographic
operation of the result of said first operation (HCDCIESIM) with said first private
key (PrKCIE); and

said first decoding method consists in a third asymmetric cryptographic
operation of said second string (HCD'CIESIM) with said first public key (PbKCIE).

Authentication method according to claim 2, wherein an "hashing" algorithm
is applied to the result of said first operation (CDCIESIM,CD*CIESIM) and to the
result of said third operation (CDCIESIM).

Authentication method according to claim 2 or 3, wherein said second
operation is performed by said smart card (4) and said third operation is
performed by said computer (FS).

Authentication method according to claim 1, wherein said first coding method
and said first decoding method provide for the use of a second private key
(PrKSIM) and of a second public key (PbKSIM).

Authentication method according to claim 5, wherein :

said second coding method consists in a first operation of concatenation of
said first string (CDCIE) with said first identifying string (IDSIM);

said first coding method consists in the steps of:

performing a second asymmetric cryptographic operation of the result of
said first operation (HCDCIESIM) with said first private key (PrKCIE), in order
to obtain a fifth string (HCD'CIESIM);

performing a third asymmetric cryptographic operation of said fifth string
(HCD'CIESIM) with said second public key (PbKSIM), in order to obtain a sixth
string (HPCD"CIESIM);

performing a fourth asymmetric cryptographic operation of said sixth
string (HPCD"CIESIM) with said second private key (PrKSIM), in order to obtain
a seventh string (HCD'CIESIM);

performing a fifth asymmetric cryptographic operation of said seventh
string (HCD'CIESIM) with said second private key (PrKSIM), in order to obtain
said second string (HCD"CIESIM);

and said first decoding method consists in the steps of:

performing a sixth asymmetric cryptographic operation of said second
string (HCD"CIESIM) with said second public key (PbKSIM), in order to obtain
a ninth string (HCD'CIESIM);

performing a seventh asymmetric cryptography operation of said ninth
string (HCD'CIESIM) with said first public key (PbKCIE), in order to obtain said
fourth string (HCDCIESIM).

Authentication method according to claim 6, wherein said second operation is
performed by said smart card (4), said fourth and fifth operations are
performed by a microprocessor (12) of said apparatus (10), and said sixth
and seventh operations are performed by said computer (FS).

Authentication method according to claim 5, wherein:

said second coding method consists in a first operation of concatenation of
said first string (CDCIE) with said identifying string (IDSIM);

said first coding method consists in the steps of:

performing a second asymmetric cryptographic operation of the result of
said first operation (HCDCIESIM) with said first private key (PrKCIE), in order
to obtain a fifth string (HCD'CIESIM);

performing a third asymmetric cryptographic operation of said fifth string
(HCD'CIESIM) with said second private key (PrKSIM), in order to obtain said
second string (HCD"CIESIM);

and said first decoding method consists in the steps of:

performing a fourth asymmetric cryptographic operation of said second
string (HCD"CIESIM) with said second public key (PbKSIM), in order to obtain
a seventh string (HCD'CIESIM);

performing a fifth asymmetric cryptographic operation of said seventh
string (HCD'CIESIM) with said first public key (PbKCIE), in order to obtain said
fourth string (HCDCIESIM).

Authentication method according to claim 8, wherein said second operation is
performed by said smart card (4), said third operation is performed by a
second computer (TP) and said fourth and fifth operations are performed by
said computer (FS).

Authentication method according to any of the claims 6 to 9, wherein an
"hashing" algorithm is applied to the result of said first operation (CDCIESIM).

User authentication method performed by a computer (FS) by means of a
device for storing data comprising the steps of:

arranging a smart card (4) wherein a first private key (PrKCIE) and a digital
certificate (CDCIE) containing the first public key (PbKCIE) corresponding to said
first private key (PrKCIE) are stored;

arranging two coding methods and two decoding methods, said first coding
method providing for the use of said first private key (PrKCIE) and said first
decoding method providing for the use of said public key (PbKCIE)
corresponding to said private key (PrKCIE), said second coding method and
said second decoding method providing for the use of said identifying string
(IDSIM; PrKSIM, PbKSIM);

applying in succession said first/second coding method and said second/first
coding method to a first string (CDCIE) containing said public key (PbKCIE), in
order to obtain a second string (HCD"CIE;HCD'CIE_XOR);

storing said first string (CDCIE), said second string (HCD"CIE;HCD'CIE_XOR) and
said identifying string (IDSIM; PrKSIM, PbKSIM), in a memory (13) accessible to
said computer (FS);

putting said device (6) for storing data into communication with said
computer (FS);

applying to said second string (HCD"CIE;HCD'CIE_XOR) said second/first decoding
method, in order to obtain a third string (HCD'CIE);

applying to said third string (HCD'CIE;HCD'CIE) said first/second decoding
method, in order to obtain a fourth string (HCD*CIE);

comparing said first string (HCDCIE) with said fourth string (HCD*CIE) and, in
case of identity, informing the computer (FS) that said device (6) for storing
data has been necessarily obtained by said smart card (4).

Authentication method according to claim 11, wherein:

said second coding method consists in a first asymmetric cryptographic
operation of said first string (CDCIE) with said second public key (PbKSIM);

said first coding method consists in a second asymmetric cryptographic
operation of the result of said first operation (HCD'CIE) with said first private
key (PrKCIE);

said first decoding method consists in the steps of:

generating a first random number (CH);

creating from the first random number (CH) a fifth string (CH') by means
of an asymmetric cryptographic operation with said second public key
(PbKSIM);

performing a third asymmetric cryptography operation of said fifth string
(CH') with said second private key (PrKSIM), thereby obtaining a second
random number (CH*);

generating, by means of an "hashing" algorithm on said second random
number (CH*), a sixth string (S) that is concatenated with itself more
times until its length (LS) is equal to the length (LHCD"CIE) of said second
string (HCD"CIE);

generating a seventh string (HCD"CIE_XOR) obtained by performing a first
logic operation XOR between said second string (HCD"CIE) and said sixth
string (S);

generating, by means of an "hashing" algorithm on said second random
number (CH), an eight string (T) that is concatenated with itself more
times until its length (LT) is equal to the length (LHCD"CIE_XOR) of said
seventh string (HCD"CIE_XOR);

performing a second logic operation XOR between said seventh string
(HCD"CIE_XOR) and said eight string (T), thereby obtaining a string that
corresponds to said third string (HCD'CIE);

performing a fourth asymmetric cryptographic operation on said third
string (HCD'CIE) with said first private key (PbKCIE);

and said second coding method consists in the steps of:

performing a fifth asymmetric cryptographic operation on the result of said
fourth operation (HCD'CIE) with said second public key (PbKSIM), thereby
obtaining said fourth string (HCD*CIE).

Authentication method according to claim 12, wherein said storing device (6)
is provided with a microprocessor.

Authentication method according to claim 13, wherein said second operation
is performed by said smart card (4), said third operation and said first logic
operation are performed by said storing device (6) or by the mobile phone
(10), and said fourth and fifth operations together with said second logic
operation are performed by said computer (FS).

Authentication method according to claim 11, wherein:

said first coding method consists in performing a first asymmetric
cryptographic operation of said first string with said first private key, in order
to obtain a fifth string (HCD'CIE);

said second coding method consists in the steps of:

concatenating said identifying string (IDSIM) with itself until a sixth string
(S) of length (LS) equal to the length (LHCD'CIE) of said fifth string (HCD'CIE)
is obtained;

performing a first logic operation XOR between said fifth string (HCD'CIE)
and said sixth string (S) for obtaining a string that corresponds to said
second string (HCD'CIE_XOR);

said second decoding method consisting in the steps of:

concatenating said identifying string (IDSIM) with itself until a seventh
string (T) of length (LT) equal to the length of said second string
(LHCD'CIE_XOR) is obtained;

performing a second logic operation XOR between said second string
(HCD'CIE_XOR) and said seventh string (T), in order to obtain an eight string
(HCD'CIE);

said first decoding method consists in performing a second asymmetric
cryptographic operation of said eight string (HCD'CIE) with said first public key
(PbKCIE), in order to obtain a string that corresponds to said fourth string
(HCD*CIE).

Authentication method according to claim 15, wherein said first operation is
performed by said smart card (4) and said second operation together with
said two logic operations are performed by said computer (FS).

Authentication method according to any of the claims 11 to 16, wherein said
first string is a string to which an "hashing" algorithm has been applied.

Authentication method according to any of the claims from 1 to 4 and from
11 to 13, wherein said memory accessible to said computer (FS) is a memory
(8) contained in said device (6) for storing data.

Authentication method according to any of the claims 1,5,6,7,10 wherein
said memory accessible to said computer (FS) is a memory (14) contained in
a microprocessor (12) of said communication apparatus (10).

Authentication method according to any of the claims 1,5,8,9,10 wherein
said memory accessible to said computer (FS) is a memory (11) contained in
a second computer (TP).

Authentication method according to any of the claims 11,14,15,16,17
wherein said memory accessible to said computer (FS) is a memory (13)
contained in said computer itself (FS).

Authentication method according to any of the preceding claims, wherein
said first string is the digital certificate (CDCIE) stored in said smart card (4).

Authentication method according to claim 22, wherein at the end of said
authentication method, it is provided to verify the validity of said digital
certificate (CDCIE) by a remote computer (CRL) disposing of a list of the
certificates revoked by the certification authority (CA), said authority being
identified through said digital certificate (CDCIE), and only if said digital
certificate (CDCIE) is valid, the computer (FS) is informed that it is possible to
provide for some services.

Authentication method according to claim 23, wherein said remote computer
(CRL) is the computer of the certification authority (CA).

Authentication method according to any of the preceding claims, wherein
said device (6) for storing data is intended to be used in a communication
apparatus (10).

Authentication method according to any of the preceding claims, wherein
said communication apparatus (10) is a mobile phone.

Authentication method according to any of the preceding claims, wherein
said device (6) for storing data is a second smart card.

Device for obtaining a device (6) for storing data to be used in the
authentication method as claimed in the claims from 1 to 27 starting from a
smart card (4) wherein a first string (CDCIE) containing a public key (PbKCIE)
and a private key (PrKCIE) corresponding to said public key are stored, said
smart card (4) being usable for authenticating a user by means of a computer
(FS), said device (1) comprising reading means of said smart card (4),
reading/writing means of said device (6) for storing data and data processing
means, characterised in that said data processing means generate a second
string (HCD'CIESIM;HCD"CIE;HCD"CIESIM; HCD'CIE_XOR) associated to said first string
(CDCIE), and store said second string
(HCD'CIESIM;HCD"CIE;HCD"CIESIM;HCD'CIE_XOR), together with an identifying string
(IDSIM; PbKSIM, PrKSIM) of said device (6) for storing data, in a memory
accessible (8;11;13;14) to said computer (FS).

Device according to claim 28, characterised in that, for obtaining said second
string (HCD'CIESIM;HCD"CIE;HCD"CIESIM; HCD'CIE_XOR) from said first string (CDCIE)
a first coding method using said first private key (PrKCIE) and a second coding
method using said identifying string (IDSIM; PbKSIM, PrKSIM) or vice versa are
applied in succession.

Device according to one of the claims 28 or 29, characterised in that said
memory accessible to said computer (FS) is a memory (8) contained in said
device (6) for storing data.

Device according to one of the claims 28 or 29, characterised in that said
memory accessible to said computer (FS) is a memory (13) contained in said
computer (FS).

Device according to one of the claims 28 or 29, characterised in that said
memory accessible to said computer (FS) is a memory (11) contained in a
second computer (TP).

Device according to one of the claims 28 or 29, characterised in that said
memory accessible to said computer (FS) is a memory (14) contained in a
microprocessor (12).

Device according to one of the claims 28 to 33, characterised in that said first
string is said digital certificate (CDCIE).

Device for storing data to be used in the authentication method as claimed in
the claims from 1 to 27, wherein are stored a first string (CDCIE) containing a
public key (PbKCIE), an identifying string (IDSIM; PbKSIM, PrKSIM) of said smart
card and a second string (HCD'CIESIM;HCD"CIE;HCD"CIESIM;HCD'CIE_XOR) obtained
by applying in succession to said first string (CDCIE) two coding methods,
wherein one of said two coding methods uses the private key (PrKCIE)
associated to said public key (PbKCIE), and the other of said two coding
methods uses said identifying string (IDSIM; PbKSIM, PrKSIM).

Device for storing data according to claim 35, characterised in that said
device is a smart card (6).

EP02017202A2001-08-032002-07-31Authentication method by means of a storing device
WithdrawnEP1282026A3
(en)